Facebook won't keep your two-factor phone number truly private

Facebook is once again receiving bad press, for being a rapacious consumer of personal data. The company is under fire for its refusal to allow users to opt out of being found by their phone number when those digits were only supplied for two-factor authentication. TechCrunch is drawing attention to the annoyance, pointing out that some folks are now learning about the bait'n'switch.

Twitter user Jeremy Burge pointed out, in a thread, that phone numbers could be searched, with "no way to disable" the feature. He added that, perhaps unsurprisingly, this data is also shared with WhatsApp and Instagram, which means your phone number becomes a unique ID for you. And it's impossible to disable the feature if you added your number -- only limit it to your immediate friend circle.

Facebook told TechCrunch that this is not a new situation, which is true, and we've known that the platform uses phone numbers for ad tracking since last September. The company uses that unique ID, since it's tied to you, and can use it to sell ads, much as it does with everything else it knows about you. It's a practice that columnist Violet Blue said "gives a middle finger to infosec" on this very website.

To be fair to Facebook, you don't need to offer up a phone number to engage two-factor authentication. Third-party systems, like Google Authenticator and Duo Security can also be used to add an additional layer of protection onto your account. That will be small comfort to those who engaged the security before the rules were changed, however.

The fact that Facebook accounts are searchable purely with a phone number raises some interesting privacy and security concerns. It's possible to limit this to just your circle of friends, but it's set to everyone by default, which could lead to unwanted lookups.